CRISC Certified in Risk and Information Systems Control – Question297

You are the project manager of GHT project. You identified a risk of noncompliance with regulations due to missing of a number of relatively simple procedures. The response requires creating the missing procedures and implementing them. In which of the following risk response prioritization should this case be categorized?

A.
Business case to be made
B. Quick win
C. Risk avoidance
D. Deferrals

Correct Answer: B

Explanation:

Explanation: This is categorized as a “quick win” because the allocation of existing resources or a minor resource investment provides measurable benefits. Quick win is very effective and efficient response that addresses medium to high risk.
Incorrect Answers:
A: “Business case to be made” requires careful analysis and management decisions on investments that are more expensive or difficult risk responses to medium to high risk. Here in this scenario, there is only minor investment that is why, it is not “business case to be made”.
C: Risk avoidance is a type of risk response and not risk response prioritization option.
D: Deferral addresses costly risk response to a low risk, and hence in this specified scenario it is not used.